3250 matches found
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
Cisco Identity Services Engine is an environment-aware platform from the U.S. company Cisco. A cross-site scripting vulnerability exists in the Cisco Identity Services Engine web interface, which can be exploited by a remote attacker to inject malicious script or HTML code, which can be use...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the improper filtering of file contents used in generating reports from the general-template.md template. An attacker can execute arbitrary commands on the host by injecting malicious scripts into the inp...
Cross-Site Scripting (XSS)
Umbraco is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input sanitization in the Dictionary section, which can allow attackers to inject and execute malicious scripts when accessed by a user with admin privileges...
CVE-2024-47549
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause a malicious script to be executed on the web browser...
CVE-2024-48396
AIML Chatbot 1.0 (fixed in 2.0) is vulnerable to Cross Site Scripting (XSS). The vulnerability is exploited through the message input field, where attackers can inject malicious HTML or JavaScript code. The chatbot fails to sanitize these inputs, leading to the execution of malicious scripts...
PT-2024-33171 · Sage · Sage 1000
Name of the Vulnerable Software and Affected Versions: Sage 1000 version 7.0.0. Description: A Reflected Cross-Site Scripting issue exists, allowing attackers to inject malicious scripts into URLs. These scripts are reflected back by the server in the response without proper sanitization or...
Cross-site Scripting (XSS)
gradio is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to inadequate file type restrictions or server-side validation for the upload of HTML, JS, or SVG files. An attacker can execute unauthorized actions or steal sensitive information by uploading malicious scripts that execu...
CVE-2019-25214 ShopWP <= 2.0.4 - Missing Authorization to Stored Cross-Site Scripting
The ShopWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST API routes in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to call the endpoints and perform unauthorized actions such as updating...
BIT-MAGENTO-2024-45127
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser...
PYSEC-2024-220
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves Cross-Site Scripting (XSS) on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users...
Cross-site Scripting (XSS)
Mediawiki Cargo is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper neutralization of input during web page generation, allowing attackers to execute malicious scripts...
Cross-site Scripting (XSS)
Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the manipulation of vulnerable form fields. An attacker with administrative privileges can inject malicious scripts, which are then execute...
Magento Open Source stored Cross-Site Scripting (XSS) vulnerability
Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s...
CVE-2024-45127
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser...
CVE-2024-45127
CVE-2024-45127 is cited for Adobe Commerce (Magento) in multiple documents as a stored Cross-Site Scripting (XSS) vulnerability. Affected versions include 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The vulnerability allows an admin attacker to inject malicious scripts into vulnerable fo...
CVE-2024-45127 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser...
Cross-Site Scripting (XSS)
PHPSpreadsheet is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to \PhpOffice\PhpSpreadsheet\Writer\Html not sanitizing "javascript:" URLs from hyperlink href attributes, which allows an attacker to execute malicious scripts in the context of a user's browser session...